Ledger Library Hack Exposes Crypto Users to Wallet-Draining Attack
The recent Ledger Library Hack highlights a critical vulnerability in the crypto ecosystem. On Thursday morning, a hacker managed to compromise a code library maintained by Ledger, the leading hardware wallet provider. The library, called Ledger ConnectKit, is used by many web3 dApps to facilitate interactions between user wallets and blockchain applications.
Malicious code injected into Ledger’s ConnectKit library, which is used by numerous dApps, triggered the Ledger Library Hack. The code prompted users to connect their wallets to a fake interface and then drained their funds to an attacker-controlled address. It was live for about five hours, from 6:00 am to 11:00 am ET, before Ledger detected and removed it.
According to BlockAid, a web3-focused cybersecurity firm, the hacker was able to steal over $600,000 worth of crypto assets from 75 different tokens, including ETH, USDT, and SUSHI. The hacker’s address was later blacklisted by Tether, the issuer of USDT.
How Did Ledger Library Hack Affect Users?
The Ledger Library Hack affected any user who interacted with a web3 dApp that used Ledger’s ConnectKit during the time of the compromise. This included popular platforms such as SushiSwap, Revoke.cash, and Zapper. Users who confirmed transactions with their crypto wallets, whether via Ledger or not, were at risk of losing their funds.
As soon as the Ledger Library Hack was discovered, prominent crypto developers and influencers warned users not to interact with any web3 dApps until further notice. SushiSwap and Revoke.cash took their front-end web apps offline to prevent users from being duped. WalletConnect, a popular interface for dApp developers who do not integrate Ledger directly, also issued a warning.
Ledger posted on X that a safe version of its ConnectKit was being propagated automatically, and recommended that users wait 24 hours before using the connector again. The company also assured users that their Ledger devices and Ledger Live were not compromised, and said it would provide a comprehensive report as soon as possible.
Looking Ahead
Rebuilding Trust: This incident highlights the vulnerabilities inherent in the interconnectedness of the crypto ecosystem. Rebuilding trust and establishing robust security measures will be crucial for the industry’s long-term health.
Lessons Learned: The Ledger ConnectKit incident serves as a stark reminder of the importance of vigilance and proactive security measures. Both users and developers must remain vigilant and adopt best practices to protect themselves from evolving cyber threats.
How To Stay Safe?
Supply chain attacks pose a serious threat to the security and integrity of the web3 ecosystem, as they can undermine the trust and confidence of users and developers. To stay secure from future Ledger Library Hack-like incidents, users should follow some best practices, such as:
• Verify the source and authenticity of the code libraries, tools, or platforms that are used to interact with blockchain applications
• Use hardware wallets or other secure methods to store and access crypto assets
• Always check the address and details of the transactions before confirming them
• Avoid interacting with unknown or suspicious dApps or websites
• Stay updated on the latest security news and alerts from the crypto community
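For developers, the first item on the list can be enforced in code. The following is an added example, not code from Ledger or from any of the dApps named above: it pins the digest of a reviewed library build and refuses any later copy whose bytes differ. The file contents, function names and pin are constructed for illustration.

```javascript
const crypto = require("crypto");

// Build an SRI-style integrity string ("sha384-<base64>") for a file's bytes.
function integrityOf(bytes) {
  const digest = crypto.createHash("sha384").update(bytes).digest("base64");
  return `sha384-${digest}`;
}

// Check file bytes against a pinned "alg-base64" value before the file is used.
function verifyIntegrity(bytes, pinned) {
  const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})$/.exec(pinned);
  if (!m) return { ok: false, reason: "malformed or unsupported pin" };
  const expected = Buffer.from(m[2], "base64");
  const actual = crypto.createHash(m[1]).update(bytes).digest();
  // timingSafeEqual throws on unequal lengths, so reject those first.
  if (expected.length !== actual.length) {
    return { ok: false, reason: "digest length mismatch" };
  }
  return crypto.timingSafeEqual(expected, actual)
    ? { ok: true, reason: "match" }
    : { ok: false, reason: "digest mismatch" };
}

// Constructed sample data: the build that was reviewed, and the same file
// after someone changed it upstream (here, one appended line).
const reviewedBuild = Buffer.from("export function connect(){ return 'wallet-ui'; }\n");
const servedLater = Buffer.concat([reviewedBuild, Buffer.from("/* changed upstream */\n")]);

// Recorded once at review time and committed alongside the dApp's source.
const PINNED = integrityOf(reviewedBuild);

function checkAll() {
  return {
    reviewed: verifyIntegrity(reviewedBuild, PINNED),
    changed: verifyIntegrity(servedLater, PINNED),
    badPin: verifyIntegrity(reviewedBuild, "md5-abcd"),
  };
}

console.log(checkAll());
```

A pin only helps if the application loads one fixed, reviewed version of the library; a dependency that resolves to whatever version is newest cannot be pinned this way.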